General

  • Target

    1180-59-0x0000000000400000-0x0000000000426000-memory.dmp

  • Size

    152KB

  • MD5

    628d3ffa5e12c84ff984268b12f2b540

  • SHA1

    2cef83c3ebd81fa44e182aed4af7c88cdda76e05

  • SHA256

    73b6e3c1ffdae8039ad4f0b235a846857ef73fc73797d5a29b6e4771a2851e84

  • SHA512

    86093bcd05e3c667b21ec8e43b2bc6caef768e747abd99a01690dc6a0f177148dfc621712fb592bd063f7eb37bcb1ba3c9be5483897c464b75ac8062b044f1ad

  • SSDEEP

    1536:5ovM0Azz80bTyH5N+vBUFrlY9BOKRKMFodGuMzsOUiH6bKu5FzLb9RX/pcpiOWB:5ovMnmHmBOh4uVOURbfLbp2wB

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol: smtp
  • Host: mail.prestige.co.rs
  • Port: 587
  • Username: [email protected]
  • Password: 4FIHB3RQQJR8

C2

https://api.telegram.org/bot5723707890:AAH2xRvI7tQmHUTxHRRudv8WoyAoxdIIcOI/sendMessage?chat_id=1760125104
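
The extracted config gives two exfiltration channels: the Telegram Bot API (a bot token plus a fixed chat_id) and an SMTP account on mail.prestige.co.rs:587. The following is an added triage helper, not output of the sandbox, that splits the Telegram C2 URL into its stable parts (bot id, chat_id, method), defangs the host indicators, and runs a small detection pass over constructed proxy/firewall log lines to show how these indicators are used. Only the C2 URL and SMTP host/port from the report are reused; the log format and sample lines are invented for the example.

```python
"""Triage helper for the Snake Keylogger config above (added example, not sandbox output)."""
import re
from urllib.parse import parse_qs, urlsplit

# Values copied from the report's "Malware Config" section (password deliberately omitted).
EXTRACTED_CONFIG = {
    "family": "snakekeylogger",
    "smtp": {"host": "mail.prestige.co.rs", "port": 587},
    "c2": "https://api.telegram.org/bot5723707890:AAH2xRvI7tQmHUTxHRRudv8WoyAoxdIIcOI"
          "/sendMessage?chat_id=1760125104",
}

# Telegram Bot API paths look like /bot<bot_id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot id, token secret, API method and chat_id."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        raise ValueError("not a Telegram Bot API URL")
    m = TELEGRAM_BOT_RE.match(parts.path)
    if not m:
        raise ValueError("unexpected Telegram Bot API path")
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m["bot_id"], "secret": m["secret"], "method": m["method"], "chat_id": chat_id}


def defang(indicator):
    """Make a host or URL safe to paste into tickets and chat."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")


def indicators(cfg):
    """Network indicators to block or hunt on, with the secret token left out."""
    tg = parse_telegram_c2(cfg["c2"])
    return {
        "telegram_bot_id": tg["bot_id"],
        "telegram_chat_id": tg["chat_id"],
        "telegram_host": defang("api.telegram.org"),
        "smtp_host": defang(cfg["smtp"]["host"]),
        "smtp_port": cfg["smtp"]["port"],
    }


# Constructed log lines (hypothetical "key=value" proxy/firewall format) for the demo.
SAMPLE_LOGS = [
    "2024-01-01T10:00:01Z proxy src=10.0.0.12 dst=api.telegram.org method=POST "
    "url=/bot5723707890:AAH2xRvI7tQmHUTxHRRudv8WoyAoxdIIcOI/sendMessage",
    "2024-01-01T10:00:02Z fw src=10.0.0.12 dst=mail.prestige.co.rs dport=587 proto=tcp",
    "2024-01-01T10:00:03Z proxy src=10.0.0.15 dst=api.telegram.org method=GET url=/bot111:zzz/getUpdates",
    "2024-01-01T10:00:04Z fw src=10.0.0.20 dst=smtp.office365.com dport=587 proto=tcp",
]


def match_logs(lines, cfg):
    """Return (src, severity, reason) for lines that match the extracted config.

    Exact matches on the bot id or the SMTP drop host are high confidence; any
    endpoint POSTing sendMessage to the Bot API is only a hunting lead, because
    Telegram itself is legitimate infrastructure.
    """
    tg = parse_telegram_c2(cfg["c2"])
    smtp_host, smtp_port = cfg["smtp"]["host"], str(cfg["smtp"]["port"])
    hits = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split()[2:])  # skip timestamp and source tag
        src, dst, url = fields.get("src", ""), fields.get("dst", ""), fields.get("url", "")
        if dst == "api.telegram.org" and url.startswith(f"/bot{tg['bot_id']}:"):
            hits.append((src, "high", "known Snake Keylogger Telegram bot id"))
        elif dst == "api.telegram.org" and "/sendMessage" in url:
            hits.append((src, "medium", "Telegram Bot API sendMessage from an endpoint"))
        elif dst == smtp_host and fields.get("dport") == smtp_port:
            hits.append((src, "high", "SMTP drop host from extracted config"))
    return hits


if __name__ == "__main__":
    print(indicators(EXTRACTED_CONFIG))
    for hit in match_logs(SAMPLE_LOGS, EXTRACTED_CONFIG):
        print(*hit)
```

Match on the numeric bot id rather than the full token: the id identifies the bot even if the operator rotates the secret, and it keeps the live credential out of detection content. The SMTP account in the config is a mailbox the malware logs into to send stolen data; treat the password as compromised and report it to the domain owner rather than using it to log in yourself.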

Signatures

  • Snake Keylogger payload 1 IoCs
  • Snakekeylogger family
  • StormKitty payload 1 IoCs
  • Stormkitty family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1180-59-0x0000000000400000-0x0000000000426000-memory.dmp
    .exe windows x86

